[FFmpeg-devel] stsz overflow

Baptiste Coudurier baptiste.coudurier
Tue Aug 25 18:11:21 CEST 2009


On 8/25/2009 12:26 AM, Reimar Döffinger wrote:
> On Mon, Aug 24, 2009 at 07:05:53PM -0700, Frank Barchard wrote:
>>> On Mon, Aug 24, 2009 at 4:08 PM, Alex Converse <alex.converse at gmail.com> wrote:
>>> The intermediate product here is the part that overflows. A final
>>> num_bytes calculated with appropriate intermediate precision should
>>> fit in an unsigned 32-bit integer. Why not just fix that rather
>>> than reduce the number of entries supported?
>>
>> Alex,
>> Sorry, that's not going to handle true overflows, where the final num_bytes is >
>> MAX_INT.
>> Also this expression will overflow.
>> init_get_bits(&gb, buf, 8*num_bytes);
>>
>> This patch uses uint64_t to avoid math overflow, but checks the size before
>> attempting the av_malloc()
>
> Wow, what a mess (IMO). I think we are already at the point where it
> would be simpler to just get rid of that buffer and directly read the
> values "one by one" from the file.

No, it was decided to be done that way when the patch was submitted.

-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
FFmpeg maintainer                                  http://www.ffmpeg.org
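The thread is about the size computation for the (compact) sample-size table: entries * field_size is evaluated in 32 bits before the shift, and 8*num_bytes is later handed to init_get_bits. The following is an added example, not code from the patch or from FFmpeg, showing the wrapping 32-bit expression next to a 64-bit version that bounds the table before allocating, and a bounds-checked reader that decodes a constructed stz2-style payload. STSZ_MAX_TABLE_BYTES, the bit reader, and the function names are assumptions made for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Example only (not FFmpeg code): upper bound on the sample-size table
 * we are willing to allocate, an assumption chosen for this demo. */
#define STSZ_MAX_TABLE_BYTES (64u * 1024u * 1024u)

/* 32-bit arithmetic in the shape quoted in the thread: the product
 * entries*field_size wraps before the shift, so num_bytes can come out
 * tiny while the loop that follows still trusts `entries`. */
static uint32_t stsz_num_bytes_32(uint32_t entries, uint32_t field_size)
{
    return (entries * field_size + 4) >> 3;
}

/* 64-bit intermediate plus an explicit bound before any allocation.
 * Returns the byte count, or -1 for an invalid field size or a table
 * larger than STSZ_MAX_TABLE_BYTES. Keeping num_bytes small also keeps
 * 8*num_bytes (the bit count handed to a bit reader) inside an int. */
static int64_t stsz_num_bytes_64(uint32_t entries, uint32_t field_size)
{
    uint64_t bits, bytes;

    if (field_size != 4 && field_size != 8 &&
        field_size != 16 && field_size != 32)
        return -1;

    bits  = (uint64_t)entries * field_size;
    bytes = (bits + 7) / 8;            /* round up to whole bytes */
    if (bytes > STSZ_MAX_TABLE_BYTES)
        return -1;
    return (int64_t)bytes;
}

/* Minimal MSB-first bit reader standing in for init_get_bits/get_bits;
 * every read is bounds-checked against the buffer we actually own. */
typedef struct { const uint8_t *buf; uint64_t size_bits, pos; } bitreader;

static int read_bits(bitreader *br, unsigned n, uint32_t *out)
{
    uint32_t v = 0;
    if (n == 0 || n > 32 || br->pos + n > br->size_bits)
        return -1;
    while (n--) {
        v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1);
        br->pos++;
    }
    *out = v;
    return 0;
}

/* Decode `entries` sample sizes of `field_size` bits each from `data`
 * (`len` bytes of payload after the box header). Returns a malloc'd
 * table the caller frees, or NULL if the sizes are implausible or the
 * payload is shorter than the table it claims to hold. */
static uint32_t *parse_compact_sizes(const uint8_t *data, size_t len,
                                     uint32_t entries, uint32_t field_size)
{
    int64_t num_bytes = stsz_num_bytes_64(entries, field_size);
    uint32_t *sizes, i;
    bitreader br;

    if (num_bytes < 0 || entries == 0 || len < (uint64_t)num_bytes)
        return NULL;
    sizes = malloc((size_t)entries * sizeof *sizes);
    if (!sizes)
        return NULL;

    br.buf = data;
    br.size_bits = (uint64_t)num_bytes * 8;
    br.pos = 0;
    for (i = 0; i < entries; i++) {
        if (read_bits(&br, field_size, &sizes[i]) < 0) {
            free(sizes);
            return NULL;
        }
    }
    return sizes;
}

/* Constructed payload: five 4-bit sample sizes 1,2,3,4,5 packed
 * MSB-first (0x12 0x34 0x50). Returns their sum, or -1 on error. */
static int64_t sum_sample_sizes_example(void)
{
    static const uint8_t payload[] = { 0x12, 0x34, 0x50 };
    uint32_t *sizes = parse_compact_sizes(payload, sizeof payload, 5, 4);
    int64_t sum = 0;
    unsigned i;

    if (!sizes)
        return -1;
    for (i = 0; i < 5; i++)
        sum += sizes[i];
    free(sizes);
    return sum;
}

int main(void)
{
    /* entries = 2^30, field_size = 8: the 32-bit product wraps to 0 */
    printf("32-bit num_bytes: %u\n", stsz_num_bytes_32(0x40000000u, 8));
    printf("64-bit num_bytes: %lld\n", (long long)stsz_num_bytes_64(0x40000000u, 8));
    printf("sum of sample sizes: %lld\n", (long long)sum_sample_sizes_example());
    return 0;
}
```

With entries = 2^30 and an 8-bit field the 32-bit expression yields num_bytes = 0, so a buffer of padding-only size would be allocated and then read for 2^30 entries; the 64-bit version rejects the same header outright because 1 GiB exceeds the chosen bound. Whether to read values one by one instead of through a buffer, as proposed in the thread, is a separate design choice; either way the bound check has to happen before the allocation.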



More information about the ffmpeg-devel mailing list